Commit
Update README.IPv6 to match what is in 2.3.0
IPv6 is no longer provided by external patches - all has been integrated. Document that fact, point at the new configuration options, and at potential caveats.

Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1359113954-25768-1-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/7305
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Showing 1 changed file with 53 additions and 85 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,97 +1,65 @@ | ||
Since 2.3.0, OpenVPN officially supports IPv6, and all widely used | ||
patches floating around for older versions have been integrated. | ||
|
||
IPv6 payload support | ||
-------------------- | ||
|
||
Latest IPv6 payload support code and documentation can be found from here: | ||
This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration | ||
on the client, and support for IPv6 configuration on the tun/tap interface | ||
from within the openvpn config. | ||
|
||
The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering, | ||
formerly located at http://www.greenie.net/ipv6/openvpn.html | ||
|
||
|
||
http://www.greenie.net/ipv6/openvpn.html | ||
The following options have been added to handle IPv6 configuration, | ||
analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.) | ||
|
||
For TODO list, see TODO.IPv6. | ||
- server-ipv6 | ||
- ifconfig-ipv6 | ||
- ifconfig-ipv6-pool | ||
- ifconfig-ipv6-push | ||
- route-ipv6 | ||
- iroute-ipv6 | ||
|
||
Gert Doering, 31.12.2009 | ||
see "man openvpn" for details how they are used. | ||
|
||
|
||
|
||
IPv6 transport support | ||
---------------------- | ||
|
||
[ Last updated: 25-Mar-2011. ] | ||
|
||
OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases: | ||
( --udp6 and --tcp6-{client,server} ) | ||
|
||
* Availability | ||
Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6 | ||
|
||
Distro ready repos/packages: | ||
o Debian sid official repo, by Alberto Gonzalez Iniesta, | ||
starting from openvpn_2.1~rc20-2 | ||
o Gentoo official portage tree, by Marcel Pennewiss: | ||
- https://bugs.gentoo.org/show_bug.cgi?id=287896 | ||
o Ubuntu package, by Bernhard Schmidt: | ||
- https://launchpad.net/~berni/+archive/ipv6/+packages | ||
o Freetz.org, milestone freetz-1.2 | ||
- http://trac.freetz.org/milestone/freetz-1.2 | ||
|
||
* Status: | ||
o OK: | ||
- upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1 | ||
- udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux | ||
(gives a warning on local!=remote proto matching) | ||
o NOT: | ||
- win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused | ||
o NOT tested: | ||
- mgmt console | ||
|
||
* Build setup: | ||
./configure --enable-ipv6 (by default) | ||
|
||
* Usage: | ||
For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example | ||
from man page ... | ||
|
||
On may: | ||
openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \ | ||
--ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key | ||
|
||
On june: | ||
openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \ | ||
--ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key | ||
|
||
Same for --proto tcp6-client, tcp6-server. | ||
|
||
* Main code changes summary: | ||
- socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo, | ||
(here I omitted #ifdef USE_PF_xxxx, see socket.h ) | ||
|
||
struct openvpn_sockaddr { | ||
union { | ||
struct sockaddr sa; | ||
struct sockaddr_in in; | ||
struct sockaddr_in6 in6; | ||
} addr; | ||
}; | ||
|
||
struct link_socket_addr | ||
{ | ||
struct openvpn_sockaddr local; | ||
struct openvpn_sockaddr remote; | ||
struct openvpn_sockaddr actual; | ||
}; | ||
|
||
PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc | ||
(also local.pi.in and local.pi.in6) | ||
|
||
- several function prototypes moved from sockaddr_in to openvpn_sockaddr | ||
- several new sockaddr functions needed to "generalize" AF_xxxx operations: | ||
addr_copy(), addr_zero(), ...etc | ||
proto_is_udp(), proto_is_dgram(), proto_is_net() | ||
|
||
* For TODO list, see TODO.IPv6 | ||
|
||
-- | ||
JuanJo Ciarlante jjo () google () com ............................ | ||
: : | ||
. Linux IP Aliasing author . | ||
. Modular algo (AES et all) support for FreeSWAN/OpenSWAN author . | ||
. OpenVPN over IPv6 support . | ||
:...... plus other scattered free software bits in the wild ...: | ||
This is to enable OpenVPN peers or client/servers to talk to each other | ||
over an IPv6 network ("OpenVPN over IPv6"). | ||
|
||
The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante, | ||
formerly located at http://github.com/jjo/openvpn-ipv6 | ||
|
||
|
||
Use the following options to select IPv6 transport: | ||
|
||
--proto udp6 | ||
--proto tcp6-client | ||
--proto tcp6-server | ||
--proto tcp6 --client / --proto tcp6 --server | ||
|
||
On systems that permit IPv4 connections on IPv6 sockets (Linux by | ||
default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by | ||
running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can | ||
handle IPv4 connections on the IPv6 socket as well, making it a true | ||
dual-stacked server. | ||
|
||
On other systems, as of 2.3.0, you need to run separate server instances | ||
for IPv4 and IPv6. | ||
|
||
The client side code is not really "dual-stacked" yet, as it does not | ||
automatically try both address families when connecting to a dual-stacked | ||
server. For now, you can achieve this with <connection> stanzas in your | ||
openvpn config: | ||
|
||
<connection> | ||
remote my.dual.stack.server 1194 udp6 | ||
</connection> | ||
<connection> | ||
remote my.dual.stack.server 1194 udp | ||
</connection> |
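Review bot: The dual-stack paragraph tells FreeBSD and NetBSD users to run "sysctl -w net.inet6.ip6.v6only=0" without saying that this sysctl is host-wide. It changes the default for every IPv6 socket on the machine that does not set IPV6_V6ONLY itself, so other daemons listening on IPv6 may start accepting IPv4 peers as IPv4-mapped addresses, and a value set with "sysctl -w" does not survive a reboot. The commit message promises caveats, so suggest adding one sentence here stating the scope of the setting and that it has to be made persistent separately. Minor style point in the payload section: the option list is written without dashes ("- server-ipv6") while the sentence above it and the transport list use the "--" form ("--server-ipv6", "--proto udp6"); using one spelling throughout would make the options easier to find in "man openvpn".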